package tmt.usercenter.web.configure.security;

import com.tmt.annotation.ResourceIdDescriptor;
import com.tmt.annotation.ScopeDescriptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;

@Configuration
@EnableResourceServer
@ScopeDescriptor(value = "uc_api_info", title = "用户中心APP接口信息", description = "用户中心APP接口信息SCOPE", order = 2)
public class ApiResourceServerConfiguration extends ResourceServerConfigurerAdapter {

	@ResourceIdDescriptor(title = "用户中心APP接口资源", description = "用户中心APP接口资源", order = 2, scope = {"uc_api_info"})
	public static final String RESOURCE_ID = "uc_api_info_res";

	@Override
	public void configure(HttpSecurity http) throws Exception {
		http.requestMatchers().antMatchers("/api/user/**")
				.and()
				.authorizeRequests()
				.antMatchers("/api/user/**").authenticated();
		/**
		 * 以下可以控制客户端必须具备的SCOPE
		 */
		//.access("#oauth2.hasScope('write')");
		;
	}

	@Override
	public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
		resources.resourceId(RESOURCE_ID)
				.stateless(true);
	}
}
